Re: Review of: draft-otis-dkim-harmful


 




On Jun 4, 2013, at 9:13 AM, Murray S. Kucherawy <msk@xxxxxxxxxxxx> wrote:

On Tue, Jun 4, 2013 at 4:08 AM, Douglas Otis <doug.mtview@xxxxxxxxx> wrote:
In its current form, DKIM simply attaches a domain name in an unseen message fragment, not a message.  The ease in which the only assured visible fragment of the message signed by the domain being forged makes it impossible for appropriate handling to be applied or likely harm prevented.


There are existence proofs that contradict this claim.  They have been brought to your attention in the past.

Thank you for your response.  Could I trouble you for a reference to the proofs or for you to expand on what you specifically mean?  The draft otis-dkim-harmful addendum captured actual DKIM From header field spoofing delivered to the in-box for several major providers.

It appears you're continuing to assign semantics to DKIM signatures that simply aren't there.  I don't know what else can be done to clarify this.

The semantics of d=domain and dkim=pass appear to be at the root of the problem. What other semantics are you suggesting?

Procedurally speaking, what path do you anticipate your draft following?

To require messages with invalidly repeated header fields to not return a "pass" for DKIM signature validation.

I apologize if I missed your response to a private query. I hope to post an update shortly covering all expressed concerns.

Regards,
Douglas Otis
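
The check proposed in the message above (no "pass" for a message with invalidly repeated header fields), sketched as an added example that is not part of the original thread or of any DKIM implementation. The function names, the sample messages and the choice of "policy" as the downgraded result are assumptions; the singleton list follows the field-count limits in RFC 5322 section 3.6.

```python
from email.parser import BytesHeaderParser

# Header fields that RFC 5322 section 3.6 allows at most once per message.
SINGLETON_FIELDS = {
    "from", "sender", "reply-to", "to", "cc", "bcc", "date",
    "message-id", "in-reply-to", "references", "subject",
}

def repeated_singletons(raw_message: bytes) -> dict:
    """Return {field: count} for singleton fields that occur more than once."""
    headers = BytesHeaderParser().parsebytes(raw_message)
    counts = {}
    for name in headers.keys():          # keys() keeps duplicate field names
        key = name.lower()
        if key in SINGLETON_FIELDS:
            counts[key] = counts.get(key, 0) + 1
    return {field: n for field, n in counts.items() if n > 1}

def gated_dkim_result(raw_message: bytes, verifier_result: str) -> str:
    """Withhold 'pass' when the message repeats a singleton header field.

    verifier_result is whatever the DKIM verifier in use reported; this
    function (hypothetical name) does no cryptographic checking itself.
    """
    if verifier_result == "pass" and repeated_singletons(raw_message):
        # Assumption: the message only asks for "not pass"; "policy" is one
        # Authentication-Results value that expresses a local rejection.
        return "policy"
    return verifier_result

# Constructed sample messages (addresses, domains and signature are placeholders).
SIGNATURE = b"DKIM-Signature: v=1; d=signer.example; h=from:subject; b=CONSTRUCTED\r\n"
CLEAN = (SIGNATURE +
         b"Received: from a.example by b.example\r\n"
         b"Received: from b.example by c.example\r\n"   # trace fields may repeat
         b"From: first@signer.example\r\n"
         b"Subject: hello\r\n\r\nbody\r\n")
REPEATED = (SIGNATURE +
            b"From: second@other.example\r\n"
            b"From: first@signer.example\r\n"
            b"Subject: hello\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for label, msg in (("clean", CLEAN), ("repeated From", REPEATED)):
        print(label, repeated_singletons(msg), gated_dkim_result(msg, "pass"))
```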




